Blindfold: Confidential Memory Management by Untrusted Operating System

TL;DR

Blindfold addresses the challenge of confidential memory management with an untrusted OS by introducing Guardian, a small trusted component that mediates memory access through switching page and interrupt tables and a capability-based semantic interface. It preserves OS-level optimizations by providing an encrypted view for non-semantic accesses and a secure ABI for common kernel operations, avoiding full data encryption. The approach is architecture-agnostic and demonstrated on ARMv8-A/Linux, with around 400 lines of kernel modifications and Guardian implemented in about 2.2K lines of Rust code. Evaluation shows competitive performance and a runtime TCB smaller than prior CC systems, while maintaining Linux functionality for memory management except for memory compression.

Abstract

Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions hide confidential memory from the OS and/or encrypt it to achieve confidentiality. In doing so, they render OS memory optimization unusable or complicate the trusted computing base (TCB) required for optimization. This paper presents our results toward overcoming these limitations, synthesized in a CC design named Blindfold. Like many other CC solutions, Blindfold relies on a small trusted software component running at a higher privilege level than the kernel, called Guardian. It features three techniques that can enhance existing CC solutions. First, instead of nesting page tables, Guardian mediates how the OS accesses memory and handles exceptions by switching page and interrupt tables. Second, Blindfold employs a lightweight capability system to regulate the kernel semantic access to user memory, unifying case-by-case approaches in previous work. Finally, Blindfold provides carefully designed secure ABI for confidential memory management without encryption. We report an implementation of Blindfold that works on ARMv8-A/Linux. Using Blindfold prototype, we are able to evaluate the cost of enabling confidential memory management by the untrusted Linux kernel. We show Blindfold has a smaller runtime TCB than related systems and enjoys competitive performance. More importantly, we show that the Linux kernel, including all of its memory optimizations except memory compression, can function properly for confidential memory. This requires only about 400 lines of kernel modifications.

Figures (8)

• Figure 1: A very high-level comparison of Blindfold's approach of switching vs. that of nesting used in chen2008overshadowhofmann2013inktagkwon2016segoguan2017trustshadowli2019hypsecli2021twinvisorvan2022blackbox. In the latter, the TCB (higher-privileged) must manage the additional level of address translations and its page tables. In contrast, in Blindfold, all the page tables (PTs) are still in the OS (privileged) while the TCB ( Guardian) only mediates their use and updates. Similarly Blindfold also places the interrupt tables in the OS while the TCB only decides which one to use depending on whether the running process is sensitive or not, unlike prior work in which the interrupt table is inside the TCB, e.g., guan2017trustshadowli2019hypsecli2021twinvisor. See §\ref{['sec:related']} for the detailed comparison.
• Figure 2: A comparison of Blindfold’s techniques for semantic and non-semantic access vs. existing solutions. For non-semantic access, such as page migration, existing CC solutions either block the OS’s access to user space, disabling essential OS functions, or require expensive data copy and encryption. For semantic access, such as the write system call, existing CC solutions employ corresponding service functions inside the TCB, i.e., case-by-case, leading to an inflated TCB. Blindfold resolves these issues by providing secure ABI and a capability system with general applicability.
• Figure 3: Blindfold Overview. Blindfold switches the page tables (PTs) and the interrupt tables (ITs) to ensure all OS memory access (§\ref{['sec:secure_virtual_mem']} and §\ref{['sec:clearview']}) and control flow changes (§\ref{['sec:secure_exception_handle']}) are mediated by the TCB (Guardian) (§\ref{['sec:guardian_design']}). For semantic access, we employ a lightweight capability system in the Guardian to verify access from the OS (§\ref{['sec:clearview']}). Blindfold provides an interface to enable direct communication between the application and the Guardian bypassing the OS (§\ref{['sec:guardian_design']}).
• Figure 4: LMbench memory throughput benchmark: read (top) and write (bottom). The overhead of accessing application's own memory is negligible in Blindfold.
• Figure 5: LMbench latency micro benchmarks. The two bars for each benchmark represent the latency ratio on Non-sensitive and Sensitive configurations compared to the latency on Vanilla Linux, indicated by the horizontal dashed line.